Evan Brown wrote:
> Smoothwall is not our dhcp server so I don't know if this will work. I 
> think that I have to do something to the iptables and I don't really 
> know what..

DHCP is irrelevant.

> I found some guy talking about manually adding some junk to the 
> rc.firewall.up file but I don't know enough to make a change to my 
> existing file.
> 
> "/sbin/iptables -t nat -A PREROUTING -p tcp -i $GREEN_DEV -d 10.1.1.229 
> --dport 23 -j DNAT --to 192.168.77.2:23 "
> "/sbin/iptables -A FORWARD -p tcp -i $ORANGE_DEV -d 192.168.77.2 --dport 
> 23 -j ACCEPT"
> 
> so if anyone knows what the heck this is doing please lemme know.
> 
ssh in to the smoothwall box (or sit down in front of the console).  I
use vim but there are a couple of text editors you can usually choose
from.  joe and nano are easy to learn (vim is easy to use, but more
difficult to learn, well worth the investment IMO).

basically, the -d stands for destination, so replace the 10.1.1.229 with
your internal IP.  --dport is destination port, in this example it is
telnet (23) so you will need to change the port to match your
application.  Also the -p tcp is for protocol, if yours is not a tcp
app, then you can try udp.

The DNAT line is destination nat (NAT the outside to some point on the
inside).  The example above has the destination

The example above is for a network with a DMZ (orange) set up.
Again I likely need to know more to be of more help.

Cheers,

> Evan
>> If you are trying to access your resource by NAME, which then gets 
>> resolved to an IP address, try putting a HOSTS entry on the firewall 
>> that points to the needed IP address.  Then when the firewall responds 
>> to requests for that name from the internal network, it points it at the 
>> correct location.  Requests like this from outside should never arrive 
>> at your firewall (unless it is the primary DNS server for your domain, 
>> in which case you have a slightly different problem).
>>
>> This issue is not unique to any particular firewall, but to how a 
>> network is set up.  I've had to do the above tip with IPCop as well.
>>
>> HTH, if not, then you are probably looking at tweaking iptables which 
>> takes a bit to get your head around...
>>
>> Shawn
>>
>> Evan Brown wrote:
>>   
>>> Hi
>>>
>>> I'm not sure if anyone is experienced with the Smoothwall firewall but
>>> I have one setup and running well although I have a small problem from a 
>>> usability stand point. I need to connect from my green zone to the red 
>>> zone using the red zone IP address. We are currently port forwarding 
>>> from red to green and that works fine outside of the lan but when we are on
>>> the lan we can't hit the red zone ip. Any help would be appreciated.
>>>
>>> Evan Brown
>>>     
> 
> 
> _______________________________________________
> clug-talk mailing list
> [email protected]
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying
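
The rule pair quoted in this message, with the parts the reply says to change (-p, -d, --dport and the --to target) turned into checked parameters. This is an added example, not part of the original message; the function names, interface names and sample call are assumptions, and the script only prints the commands so they can be reviewed before anything goes into rc.firewall.up.

```shell
#!/bin/sh
# Added example: prints (does not execute) the DNAT + FORWARD pair for review.

# is_ipv4 ADDR: succeeds for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_port N: succeeds for an integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dnat_rules PROTO IN_DEV MATCH_IP PORT FWD_DEV TARGET_IP (hypothetical helper)
dnat_rules() {
    proto=$1 in_dev=$2 match_ip=$3 port=$4 fwd_dev=$5 target_ip=$6
    case "$proto" in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 2 ;;
    esac
    is_ipv4 "$match_ip" && is_ipv4 "$target_ip" ||
        { echo "bad IPv4 address" >&2; return 2; }
    is_port "$port" || { echo "port must be 1-65535" >&2; return 2; }
    for dev in "$in_dev" "$fwd_dev"; do
        case "$dev" in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;;
        esac
    done
    # nat/PREROUTING: packets matching -i/-d/--dport get their destination rewritten to --to.
    echo "/sbin/iptables -t nat -A PREROUTING -p $proto -i $in_dev -d $match_ip --dport $port -j DNAT --to $target_ip:$port"
    # filter/FORWARD: accept only that protocol and port toward the new target.
    echo "/sbin/iptables -A FORWARD -p $proto -i $fwd_dev -d $target_ip --dport $port -j ACCEPT"
}

# Constructed sample: the thread's addresses and port, with made-up interface names.
dnat_rules tcp eth0 10.1.1.229 23 eth2 192.168.77.2
```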